Friday, February 6, 2015

If you're looking to find out a little bit more information about ransom Trojan malware (ransomware) – and if, more importantly, you are looking for a couple of easy to execute tips that will help you protect yourself against becoming a victim to this unpleasant form of malware, read on and we'll hopefully answer any questions you may have, including how to restore your files.

What is ransom Trojan malware?

Ransom Trojans are the most commonly found type of malware on the Internet – which is unfortunate because they are also one of the nastiest. They are a serious threat to your computer's security and they have a nasty habit of encrypting your files. Generally speaking they are used to extract money from you or to defraud you and they can do a lot of irretrievable damage. This particular ransom Trojan encrypts pretty much every file on your computer. It simply scans your computer for files, encrypts them and gives random names to each file ending with the XTBL file extension. Then, it creates at least 10 text files with instructions on how to get your files back. It also adds a new background image with warning that your files were encrypted and that you have to read README.txt files for more information. Here's how it looks:

As you can see, cyber crooks provide the same information in two languages: English and Russian. It probably means that this ransomware campaign targets not only English speaking countries but also others that understand Russian. Each victim gets a unique code that must be emailed to either deshifrator01@gmail.com or deshifrovka@india.com. I'm pretty sure that they change email address quite often, so don't be surprised if yours are different. Cyber crooks say that they will send you all necessary information by email and that all attempts to decrypt your files will result in data loss. I haven't tried to contact them, so I can't say whether it's true or not. What I can confirm is that this ransom Trojan does encrypt files. My guess is that cyber crooks ask to pay the ransom which could be $300, $500 or even more in order to get a decryption tool and decrypt your files. That's how ransomware usually works.

Here's how encrypted files look like:

How does ransom Trojan malware get its name?

Trojan Horse malware takes its name from the ancient Greek fable (or true story?!) in which Greece defeated their enemies in the Trojan War by building a gigantic, hollow wooden horse and hiding their soldiers inside it. They wheeled the horse to the gates of the city and pretended it was a peace offering to the people of Troy. In reality, of course, it was merely a tactical attempt to infiltrate the city and attack it from the inside. And that is precisely what they did, winning the war.

And that is precisely how ransom Trojan malware works too. It is a malicious computer program that has been designed to look as if it is innocent. So when you think you are downloading a game, the latest episode of your favorite TV show shared in a peer to peer file, or even an anti-virus program, you could in fact be downloading and installing malware instead. And it's usually a combination of different Trojans. In my case, it was Worm.Korron, Trojan.Agent.XN and Trojan.Packed.28357. The last one runs from the %Temp% folder and downloads orher malware files onto your computer. It's very important to remove all malware from your computer before trying to restore your files or use any file decrytion tools.

Traits of ransom Trojan Horse

As well as causing security breaches on your operating system and deleting your files (in fact they can erase all the contents contained in your entire system), extremely scarily, they can also give the programmer of the Trojan Horse access to your computer. They will encrypt your files and then turn your PC into something called a zombie computer and use it to attack other users.

So without further ado – here are 2 ways to protect yourself – and your PC – from ransom Trojan Horse malware

Many ransom Trojans are hidden in email attachments, links in instant messenger chat apps or in shareware and P2P files, however websites are also used to download them onto your machine by use of something called a 'drive by' installation. Any website can be a potential target by a cyber crook – and therefore a potential danger – but the more disreputable the site (pornography or gambling sites for example) the bigger the danger.

Back up your files on a regular basis and keep files on a hard drive, or even on another computer – anywhere safe! Backup twice if you want to doubly ensure your safety. When you have copies of all your files, documents and data you will be able to get back up and running again much quicker than if a ransom Trojan encrypted everything and you had no duplicates.

To remove this ransom Trojan and related malware from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win. Good luck and be safe online!

Step 1: Removing the ransom Trojan and related malware:

Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by ransom Trojan virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

11
comments:

In that case you really don't have any other option than paying the ransom BUT I wouldn't do that unless those files are very very important. There's really no guarantee that cyber criminals will decrypt your files even after paying the ransom. Keep this in mind when you make the decision.

For the anonymous who payed, please upload the tool or i think you re lying and maybe u also do such things... DON'T PAY anyone, even if on your pc there was something important, try by your own but don't give money to these thieves. I m trying to decrypt my pc, if i will not then i ll format everything, but i prefer to destroy my pc while setting it on fire than give one cent to these people.

Blog Archive

Blogroll

Rate This Blog or Leave a Review

About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

DisclaimerThis is a self-help guide. Use at your own risk. Deletemalware.blogspot.com can not be held responsible for problems that may occur by using this information.

About the blogThis blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.